Educause Security Discussion mailing list archives
Re: New Critical RPC Vulnerability
From: Omar Herrera <omar_herrera () BANXICO ORG MX>
Date: Wed, 10 Sep 2003 15:22:47 -0500
Well, I can confirm that there exists allready an exploit (I found the chinese exploit being referentes by the ISS advisory), its old: 30 july. This one only DoSes win 2000 machines; I tested the exploit with Win 2000, SP3 and the MS03-026 patch and RPC service died immediately; after applying the patch mentioned on MS03-039 the RPC service resisted the attack. It is important to mention that, although the attack is on RPC/DCOM, it is not directly related to MS03-026 they are different (different vulnerabilities). I couldnt find any code for Win XP, but eeye is giving enough technical information on this vulnerability that a new exploit will surface as soon as next week (look at the timeline of Blaster, do the math and the results are not too encouraging). Just remember something: not reacting on time is as bad as overreacting (I believe that many problems will arise by over-reactions). Try to test the patch as much as you can before deployment (but be ready to deploy fast ) Regards, Omar Herrera, CISSP Instituto Tecnológico y de Estudios Superiores de Monterrey, Mexico City Campus Information security topic and laboratory -----Mensaje original----- De: The EDUCAUSE Security Discussion Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] En nombre de Angel L Cruz Enviado el: Miércoles, 10 de Septiembre de 2003 12:01 PM Para: SECURITY () LISTSERV EDUCAUSE EDU Asunto: [SECURITY] New Critical RPC Vulnerability Importancia: Alta Colleagues: Im afraid we have another critical MS Vulnerability notice: http://www.microsoft.com/security/security_bulletins/ms03-039.asp. Impacted include Windows NT, Windows 2000, Windows XP, Windows 2003. Not impacted include Windows 95/98/ME/SE, Mac OS, UNIX, LINUX, other commercial systems. Actual patch has just been placed online and supercedes other RPC patches (if you have patched for MS03-026, apply MS03-039; if you have not applied MS03-026, just apply MS03-039 to fix both issues at once). Recommend you review the notice and related knowledge base article 824146 as soon as possible for action planning. MS has posted a tool for finding vulnerable systems at http://support.microsoft.com/?kbid=827363. We are not aware of exploit code out yet, but it should follow very soon -- more news to follow. -Angel Mr. Angel L. Cruz, BS Director & University ISO ITS - Information Security Office The University of Texas at Austin 1 University Station, #G0900 Austin, Texas 78712-0557 (512) 475-9462 cruz () austin utexas edu ++++++++++++++++++++++++++++++++++++++++++++ This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. If you are not the named addressee you should not distribute or copy this e-mail. Please notify the sender immediately if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is prohibited. ++++++++++++++++++++++++++++++++++++++++++++ ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- New Critical RPC Vulnerability Angel L Cruz (Sep 10)
- <Possible follow-ups>
- Re: New Critical RPC Vulnerability Omar Herrera (Sep 10)